The use of software as a service (SaaS) is pervasive among businesses. Some of the key characteristics of SaaS are: the software application is hosted on third-party servers the software application is accessed via the internet the software code itself… Read More ›
Cloud Computing
Are your Terms of Service unconscionable?
The Supreme Court of Canada has substantially broadened the application of the doctrine of unconscionability and its application to contracts of adhesion. The result is a further elevation of the role of reasonable expectations in determining the enforceability of contractual… Read More ›
Does your cloud contract meet Canadian data breach standards?
Canada’s federal data breach reporting law has been in force for almost 6 months. Do the major multi-national cloud infrastructure as a service firms contractually commit to help their Canadian customers comply with data breach reporting obligations? Or, do they… Read More ›
The GDPR & Canadian businesses: applying the EDPB’s draft guidance
The European Data Protection Board (EDPB) has released draft Guidelines on the territorial scope of the General Data Protection Regulation (GDPR). The consultation period closes on January 18, 2019. Even though the Guidelines are not final, there are several very… Read More ›
Outsourcing and criminal record check requirements
Earlier this week, I posted an update about the coming into force of the Ontario Police Record Checks Reform Act. With increasing frequency, Canadian employers are conducting criminal records checks on job applicants. There are numerous reasons why employers conduct… Read More ›
Privacy, data localization and the USMCA
Any hopes by privacy advocates of stronger data localization requirements for Canada have been dashed by the United States Mexico Canada Agreement (USMCA). The U.S. Trade Representative (USTR) achieved its objectives on data localization for the renegotiation of the North… Read More ›
Should your cloud computing provider report suspected security breaches?
Earlier this week, I wrote about new Alberta breach reporting obligations in the Alberta Health Information Act. This post considers how distinctions between suspected, probable, unconfirmed and confirmed data breaches matter in cloud computing agreements. Not every security incident is… Read More ›